
how to configure bypass for ssh to web server in another side of CSS11506

julxu
Level 1

Greeting,

I tried to configure this to allow the system administrator to use ssh to access the WEB server.

I did:

acl 1

clause 20 bypass tcp nql UWS eq 22 destination nql local-WEB-Farm

apply circuit-(VLAN1)

But I still do not understand how the outside can ssh into the web server? There is no route for the private network on the other side of the CSS?

Does that mean I need to configure a routing protocol to let the outside see the server?

Any comments will be appreciated

Thanks in advance

Julie


Gilles Dufour
Cisco Employee

Julie,

Why do you need a bypass acl?

Bypass is usually needed when the destination ip/port could match a content rule and you don't want some hosts to hit the rule but instead simply forward the traffic.

Do you have a content rule matching any traffic?

This type of acl is usually used for HTTP in a caching environment, so I really don't see why it would be required for SSH.

Regarding your next question, about how to reach the subnet behind the CSS, simply use common routing principles.

Think of the CSS as a router.

If you want to reach a segment attached to the CSS, you need to make sure the rest of your network knows about it.

I would not recommend using routing protocols on the CSS itself.

Instead, I would configure a static route on a next-hop device and propagate the route from there.

Regards,

Gilles.

Thanks for rating.
